¶íÂÞ˹µç×ÓÂòÂôƽ̨RoseltorgÔâÇ×ÎÚ¿ËÀ¼ºÚ¿Í×éÖ¯ÍøÂç¹¥»÷

°ä²¼¹¦·ò 2025-01-17

1. ¶íÂÞ˹µç×ÓÂòÂôƽ̨RoseltorgÔâÇ×ÎÚ¿ËÀ¼ºÚ¿Í×éÖ¯ÍøÂç¹¥»÷


1ÔÂ14ÈÕ £¬¶íÂÞË¹ÖØÒªÈ·µ±¾ÖºÍÆóÒµ²É¹ºµç×ÓÂòÂôƽ̨RoseltorgÔÚÖÜһȷÈÏ £¬Æäƽ̨Ôâ·êÁËÍøÂç¹¥»÷ £¬µ¼Ö·þÎñÁÙʱ¶ôÖÆ¡£RoseltorgÊǶíÂÞ˹µ±¾ÖÑ¡¶¨µÄ×î´óµÄµç×ÓÂòÂôÔËÓªÉÌÖ®Ò» £¬Õƹܹ«¹²²É¹º £¬Ô̺¬¹ú·ÀºÍ¹¹ÖþÐÐÒµµÄºÏͬ £¬²¢Ìṩµç×ÓÎĵµÖÎÀíºÍ²É¹º¹æ»®¹¤¾ß¡£ºÚ¿Í×éÖ¯Yellow DriftÐû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü £¬Ðû³ÆÉ¾³ýÁË550TBµÄÊý¾Ý £¬Ô̺¬µç×ÓÓʼþºÍ±¸·Ý £¬²¢°ä²¼Á˾ݳƱ»ÈëÇֵĻù´¡ÉèÊ©µÄ½ØÍ¼¡£Õâ´Î¹¥»÷ÒѾ­Ó°Ïìµ½ÒÀÀµRoseltorgÔËÓªµÄ¿Í»§ £¬Ô̺¬µ±¾Ö»ú¹¹¡¢¹úÓÐÆóÒµºÍ¹©¸øÉÌ £¬µ¼ÖÂDZÔڵIJÆÕþËðʧºÍ²É¹ºÁ÷³ÌµÄÑÓÎó¡£Ö»¹ÜRoseltorg°µÊ¾Ëùº±¼û¾ÝºÍ»ù´¡ÉèÊ©ÒÑÆëÈ«¸´Ô­ £¬ÂòÂôϵͳԤ¼Æ½«ºÜ¿ì¸´Ô­ÔËÐÐ £¬µ«½ØÖÁÓйر¨Â·×«Ð´Ê± £¬ÆäÍøÕ¾ÈÔ´¦ÓÚÀëÏß״̬¡£RoseltorgÊDZ¾ÔÂÔâµ½Ç×ÎÚ¿ËÀ¼ºÚ¿Í¹¥»÷µÄ¼¸¼Ò¶íÂÞ˹¹«Ë¾Ö®Ò» £¬ÆäËû¹«Ë¾Èç¶íÂÞ˹µ±¾Ö»ú¹¹RosreestrºÍ»¥ÁªÍøÌṩÉÌNodexÒ²Ôâµ½ÁËÀàËÆµÄ¹¥»÷¡£´Ë±í £¬Ò»¸öÃûΪCyber Anarchy SquadµÄÎÚ¿ËÀ¼ºÚ¿Í×éÖ¯»¹°ä·¢¹¥»÷Á˶íÂÞ˹¿Æ¼¼¹«Ë¾Infobis £¬Ðû³ÆÇÔÈ¡ÁË3TBµÄÐÅÏ¢²¢·ÛËéÁ˸ù«Ë¾µÄ²¿ÃÅ»ù´¡ÉèÊ©¡£


https://therecord.media/russian-platform-for-state-procurement-hit-cyberattack


2. Avery ProductsÔâºÚ¿Í¹¥»÷ £¬6Íò¿Í»§Êý¾Ýй¶


1ÔÂ15ÈÕ £¬°¬Àû²úÆ·¹«Ë¾£¨Avery Products Corporation£© £¬Ò»¼ÒרһÓÚ²»¸É½º±êÇ©¡¢·þ×°Æ·ÅÆÔªËØ¼°Ó¡Ë¢·þÎñµÄÃÀ¹úÆóÒµ £¬½üÆÚÖÒ¸æ³ÆÆäÍøÕ¾avery.comÔâ·êÁ˺ڿ͹¥»÷ £¬µ¼Ö¿ͻ§ÐÅÓþ¿¨ºÍÓ×ÎÒÐÅϢй¶¡£2024Äê12ÔÂ9ÈÕ £¬¹«Ë¾·¢ÏÖÕâÒ»¹¥»÷ £¬¾­ÄÚ²¿Êý×Öȡ֤ר¼Òµ÷²éÈ·ÈÏ £¬¹¥»÷ÕßÔçÔÚͬÄê7ÔÂ18ÈÕ¾ÍÔÚÆäÔÚÏßÉ̵êÖ²ÈëÁË¿¨Æ¬µÁË¢Æ÷ £¬ÒÔÖÁ7ÔÂ18ÈÕÖÁ12ÔÂ9ÈÕÆÚ¼äÔÚÍøÕ¾ÉÏÊäÈëµÄÖ§¸¶ÐÅÏ¢±»ÇÔÈ¡¡£Ð¹Â¶ÐÅÏ¢Ô̺¬ÐÕÃû¡¢µØÖ·¡¢µç×ÓÓʼþ¡¢µç»°ºÅÂë¡¢Ö§¸¶¿¨ºÅ¡¢CVVÂë¡¢ÓÐЧÆÚ¼°²É°ì½ð¶îµÈ £¬ËäÎ´Éæ¼°Éç»á°²È«ºÅ¡¢¼ÝÕպš¢Éí·ÝÖ¤ºÅ¼°µ®ÉúÈÕÆÚµÈÃô¸ÐÐÅÏ¢ £¬µ«ÒÑ×ã¹»½øÐÐڲƭÂòÂô¡£Avery°µÊ¾ £¬ËäÎÞ·¨È·ÈÏڲƭÊÕ·ÑÓëÕâ´ÎÊÂÎñÖ±½ÓÓйØ £¬µ«Òѽӵ½¿Í»§Ôâ·êڲƭÐÔÊշѺÍÍøÂç´¹µöÓʼþµÄ»ã±¨¡£Õâ´ÎÊÂÎñÓ°ÏìÁË61,193Ãû¿Í»§ £¬AveryΪ´ËÌṩ12¸öÔÂÃâ·ÑÐÅÓþ¼à¿Ø·þÎñ £¬²¢½¨ÒéÊÕ¼þÈ˾¯Ìèδ¾­ÒªÇóµÄͨѶ £¬ÊµÊ±»ã±¨¿ÉÒɻ¡£Í¬Ê± £¬¹«Ë¾ÉèÁ¢ÁËÔ®ÊÖÈÈÏß £¬ÒÔ½â´ð¿Í»§¶Ô´ËÊÂÎñµÄÒÉÄѺÍÓÇÓô¡£


https://www.bleepingcomputer.com/news/security/label-giant-avery-says-website-hacked-to-steal-credit-cards/


3. MikroTik½©Ê¬ÍøÂçÀûÓÃSPFÅäÖÃÃýÎó´«²¼¶ñÒâÈí¼þ


1ÔÂ15ÈÕ £¬Ò»¸öÓÉÔ¼13,000̨MikroTikÉ豸×é³ÉµÄ½©Ê¬ÍøÂç±»·¢ÏÖÀûÓÃÓòÃû·þÎñÆ÷¼Í¼ÖеÄÃýÎóÅäÖÃÀ´Èƹýµç×ÓÓʼþ±£»¤ £¬²¢ºýŪԼĪ20,000¸öÍøÂçÓò´«²¼¶ñÒâÈí¼þ¡£¸Ã¶ñÒâ»î¶¯ÓÚ2024Äê11ÔÂÏÂÑ®ÆðÍ·»îÔ¾ £¬ÍþвÐÐΪÕßͨ¹ýαÔìDHL ExpressµÄÔËÊ乫˾Éí·Ý £¬·¢ËÍ´øÓжñÒâJavaScriptÎļþµÄZIP¸½¼þ £¬¸ÃÎļþÄÜ»ã±àºÍÔËÐÐPowerShell¾ç±¾ £¬½ø¶øÓëλÓÚ֮ǰÓë¶íÂÞ˹ºÚ¿ÍÓйصÄÓòÖеĺÅÁîºÍ½ÚÔì·þÎñÆ÷³ÉÁ¢ÏνÓ¡£DNS°²È«¹«Ë¾InfobloxÖ¸³ö £¬ÕâЩ¶ñÒâÓʼþÏÔʾ³ö´óÁ¿ÓòÃûºÍSMTP·þÎñÆ÷IPµØÖ· £¬½ÒʾÁËÒ»¸öÖØ´óµÄ½©Ê¬ÍøÂç¡£Ô¼20,000¸öÓòµÄSPF DNS¼Í¼ÅäÖùýÓÚ¿íËÉ £¬Ê¹ÓÃÁË¡°+all¡±Ñ¡Ïî £¬ÔÊÐíÈκηþÎñÆ÷´ú±íÕâЩÓò·¢Ë͵ç×ÓÓʼþ £¬ÕâΪºýŪºÍδ¾­ÊÚȨµÄµç×ÓÓʼþ·¢ËÍÌṩÁË»úÓö¡£MikroTikÉ豸ÒòÆäÖ°ÄÜ׳´ó¶ø³ÉΪָ±ê £¬Ö»¹ÜÈ¥ÄêÏÄÌìÒѶ½´ÙÉ豸ËùÓÐÕ߸üÐÂϵͳ £¬µ«²¹¶¡°ä²¼»ºÂý £¬ºÜ¶à·ÓÉÆ÷ÈÔ´æÔÚ·ì϶¡£¸Ã½©Ê¬ÍøÂ罫É豸ÅäÖÃΪSOCKS4´úÀí £¬ÓÃÓÚÌáÒéDDoS¹¥»÷¡¢·¢ËÍÍøÂç´¹µöÓʼþ¡¢ÇÔÈ¡Êý¾Ý £¬²¢¸²¸Ç¶ñÒâÁ÷Á¿ÆðÔ´¡£


https://www.bleepingcomputer.com/news/security/mikrotik-botnet-uses-misconfigured-spf-dns-records-to-spread-malware/


4. ºÚ¿ÍÀûÓùȸèËÑË÷¸æ°×ÍÆ¹ã´¹µöÍøÕ¾ÇÔÈ¡¸æ°×ÉÌÆ¾Ö¤


1ÔÂ15ÈÕ £¬ÍøÂç·¸×ï·Ö×ÓÈç½ñ¾¹ÀûÓùȸèËÑË÷¸æ°×ÍÆ¹ã´¹µöÍøÕ¾ £¬Ì°Í¼ÇÔÈ¡¸æ°×ÉÌµÄ¹È¸è¸æ°×ƽ̨ƾ֤ £¬ÕâÒ»ÐÐΪ¼«¾ß³°·íÒâζ¡£ËûÃÇͨ¹ýÔÚGoogleËÑË÷ÉÏͶ·Å¼ÙÒâGoogle¸æ°×µÄ¸æ°× £¬ÏÔʾΪÔÞÖúÁ˾Ö £¬ÓÕµ¼Ç±ÔÚÊܺ¦Õß½øÈë¿´ËÆ¹Ù·½µÄÐéαµÇÂ¼Ò³Ãæ £¬½ø¶øÆ­È¡ÕË»§ÐÅÏ¢¡£ÕâЩ´¹µöÒ³ÃæÍйÜÔÚGoogle SitesÉÏ £¬ÆäURLÓëGoogle AdsµÄ¸ùÓòÏàÆ¥Åä £¬Ê¹µÃ¼Ù×°Ô½·¢ÕæÇÐ £¬µÈÏÐÈÆ¹ýÁËÖ¼ÔÚÔ¤·ÀÀÄÓúͼÙÒâµÄ¹æ¶¨¡£¾ÝÊܺ¦ÕßÃèÊö £¬¹¥»÷Á÷³ÌÔ̺¬ÊäÈëÕË»§ÐÅÏ¢¡¢ÍøÂç±êʶ·ûºÍƾ֤¡¢ÊÕµ½Òì³£µÇ¼µØÖ·ÌáÐÑÒÔ¼°ÕË»§±»ÐÂÖÎÀíÔ±ÊÕÊܵȽ׶Ρ£ÖÁÉÙÓÐÈý¸öÍøÂç·¸×ïÍÅ»ïÉæ¼°´ËÀ๥»÷ £¬ËûÃÇ×îÖÕÖ÷ÕÅÊÇÔÚºÚ¿ÍÂÛ̳ÉÏÏúÊÛ±»µÁÕË»§²¢·¢Æð¸ü¶à¹¥»÷¡£Malwarebytes LabsÖ¸³ö £¬ÕâÊÇËûÃÇ×·×Ùµ½µÄ×î¶ñÁӵĶñÒâ¸æ°×Ðж¯Ö®Ò» £¬¿ÉÄÜÓ°ÏìÈ«ÇòÊýǧÃû¿Í»§¡£¶ø¹È¸èÔò°µÊ¾Ã÷È·²»ÈÝ´ËÀàºýŪÐÔ¸æ°× £¬²¢ÔÚ»ý¼«µ÷²é²¢²ÉÈ¡Ðж¯¡£


https://www.bleepingcomputer.com/news/security/hackers-use-google-search-ads-to-steal-google-ads-accounts/


5. Wolf Haldenstein ÔâÊý¾Ýй¶ £¬½ü350ÍòÈËÐÅÏ¢ÊÜÓ°Ïì


1ÔÂ16ÈÕ £¬Wolf Haldenstein Adler Freeman & Herz LLP£¨Wolf Haldenstein£© £¬Ò»¼Ò³ÉÁ¢ÓÚ1888Äê²¢ÔÚÃÀ¹ú¶àµØÉèÓд¦Ê´¦µÄ³ÛÃûÂÉʦÊÂÎñËù £¬ÓÚ2023Äê12ÔÂ13ÈÕÔâ·êÁËÊý¾Ýй¶ÊÂÎñ¡£ºÚ¿ÍÇÔÈ¡Á˽ü344ÍòÈ˵ÄÓ×ÎÒÐÅÏ¢ £¬Ô̺¬ÐÕÃû¡¢Éç»á°²È«ºÅÂë¡¢Ô±¹¤¼ø±ðºÅ¡¢Ò½ÁÆÕï¶Ï¼°Ë÷ÅâÐÅÏ¢µÈÃô¸ÐÊý¾Ý¡£ÓÉÓÚÊý¾Ý·ÖÎöºÍÊý×Öȡ֤µÄ¸´ÔÓÐÔ £¬¸ÃÊÂÎñµÄµ÷²é½ø¶ÈÑϳÁÖͺó £¬Ö±µ½2024Äê12ÔÂ3ÈÕ²Å×îÖÕÈ·¶¨ÁËÊÜÓ°ÏìÈËÊý¡£È»¶ø £¬ÓÉÓÚÎÞ·¨ÕÒµ½²¿ÃÅÊÜÓ°ÏìÈËÔ±µÄÁªÏµÐÅÏ¢ £¬Wolf HaldensteinÉÐδÏòËùÓÐÈË·¢ËÍ֪ͨ¡£Ö»¹ÜûÓÐÖ¤¾ÝÅú×¢Êý¾ÝÒѱ»ÀÄÓà £¬µ«Ð¹Â¶µÄÐÅÏ¢¿ÉÄÜʹÊÜÓ°ÏìÓ×ÎÒÃæ¶ÔÍøÂç´¹µö¡¢Ú¿Æ­µÈ·çÏÕÔö³¤¡£¸Ã¹«Ë¾ÒѶԴ洢ÔÚ·þÎñÆ÷ÉϵÄÊý¾Ý½øÐÐÁ˾ßÌåÉó²é £¬²¢Îª¿ÉÄÜÊÜÓ°ÏìµÄÓ×ÎÒÌṩ²¹³äÐÅÓþ¼à¿Ø±£ÏÕ¡£Í¬Ê± £¬Wolf Haldenstein¼¤ÀøÓ×ÎÒά³Ö¾¯Ìè £¬ÉèÖÃڲƭ¾¯±¨»ò°²È«¶³½á¡£Ä¿Ç° £¬Éв»Ã÷ÏÔй¶µÄÊý¾ÝÊÇÊôÓÚ¿Í»§¡¢Ô±¹¤»¹ÊÇÆäËû´æ´¢ÔÚÆä·þÎñÆ÷ÉϵÄÓ×ÎÒ¡£ÈôÊÇÄúÓëWolf HaldensteinÓÐÒµÎñÍùÀ´ £¬½¨ÒéÁªÏµËûÃÇÏàʶ´ËÊÂÎñ¶ÔÄúµÄÓ°Ïì¡£


https://www.bleepingcomputer.com/news/security/wolf-haldenstein-law-firm-says-35-million-impacted-by-data-breach/


6. W3 Total Cache²å¼þ´æÑϳÁ·ì϶ £¬ÊýÊ®ÍòWordPressÍøÕ¾Ãæ¶Ô·çÏÕ


1ÔÂ16ÈÕ £¬W3 Total Cache²å¼þÊÇÒ»¿î¿í·ºÀûÓÃÓÚWordPressÍøÕ¾µÄ¼Ó¿ì¹¤¾ß £¬½üÆÚ±»·¢ÏÖ´æÔÚÒ»¸ö±àºÅΪCVE-2024-12365µÄÑϳÁ°²È«·ì϶¡£¸Ã·ì϶¿ÉÄܵ¼Ö¹¥»÷ÕßµÈÏнӼûÃô¸ÐÐÅÏ¢ £¬Ô̺¬ÔÆÀûÓÃÔªÊý¾Ý £¬¶ÔÍøÕ¾°²È«×é³É³Á´óÍþв¡£Ö»¹Ü¿ª·¢ÈËÔ±ÒÑÔÚ×îа汾2.8.2Öн¨¸´ÁË´ËÎÊÌâ £¬µ«ÈÔº±¼ûÊ®ÍòÍøÕ¾ÉÐδ¸üР£¬ÈÔ´¦ÓÚ·çÏÕÖ®ÖС£WordfenceÖ¸³ö £¬·ì϶ԴÓھɰ汾ÖÓ×°is_w3tc_admin_page¡±º¯ÊýµÄÖ°Äܲ鳭ȱʧ £¬Ê¹µÃ¹¥»÷ÕßÄÜÔڵͼ¶±ðÉí·ÝÑéÖ¤ºóÖ´ÐÐδÊÚȨ²Ù×÷¡£´Ë·ì϶µÄ·çÏÕÔ̺¬·þÎñÆ÷¶ËÒªÇóαÔì¡¢ÐÅÏ¢Åû¶ºÍ·þÎñÀÄÓà £¬¿ÉÄܵ¼ÖÂÃô¸ÐÊý¾Ýй¶¡¢ÍøÕ¾»úÄܽµÂä¼°³É±¾Ôö³¤¡£ÊÜÓ°ÏìÓû§Ó¦¾¡¿ìÉý¼¶ÖÁW3 Total Cache 2.8.2°æ±¾ÒÔ½â³ýÒþ»¼¡£Í¬Ê± £¬ÍøÕ¾ËùÓÐÕßÓ¦ÉóÉ÷×°Öòå¼þ £¬Ô¤·À²»ÓÃÒªµÄ²úÆ· £¬²¢Ë¼¿¼Ê¹ÓÃWebÀûÓ÷¨Ê½·À»ðǽÀ´¼ø±ðºÍ×èÖ¹¹¥»÷³¢ÊÔ £¬ÒÔ½øÒ»²½ÌáÉýÍøÕ¾°²È«ÐÔ¡£


https://www.bleepingcomputer.com/news/security/w3-total-cache-plugin-flaw-exposes-1-million-wordpress-sites-to-attacks/